Vulnerabilities (CVE)

Filtered by vendor Baxter Subscribe
Filtered by product Em2400 Firmware
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-12032 1 Baxter 4 Em1200, Em1200 Firmware, Em2400 and 1 more 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in an unencrypted database. This could allow an attacker with network access to view or modify sensitive data including PHI.
CVE-2020-12024 1 Baxter 4 Em1200, Em1200 Firmware, Em2400 and 1 more 2024-11-21 3.6 LOW 6.1 MEDIUM
Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical access. Successful exploitation of this vulnerability may allow an attacker with physical access to the system the ability to load an unauthorized payload or unauthorized access to the hard drive by booting a live USB OS. This could impact confidentiality and integrity of the system and risk exposure of sensitive information including PHI.
CVE-2020-12020 1 Baxter 4 Em1200, Em1200 Firmware, Em2400 and 1 more 2024-11-21 3.6 LOW 6.1 MEDIUM
Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user.
CVE-2020-12016 1 Baxter 4 Em1200, Em1200 Firmware, Em2400 and 1 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 have hard-coded administrative account credentials for the ExactaMix operating system. Successful exploitation of this vulnerability may allow an attacker who has gained unauthorized access to system resources, including access to execute software or to view/update files, directories, or system configuration. This could allow an attacker with network access to view sensitive data including PHI.
CVE-2020-12012 1 Baxter 4 Em1200, Em1200 Firmware, Em2400 and 1 more 2024-11-21 3.6 LOW 6.1 MEDIUM
Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13, and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 have hard-coded administrative account credentials for the ExactaMix application. Successful exploitation of this vulnerability may allow an attacker with physical access to gain unauthorized access to view/update system configuration or data. This could impact confidentiality and integrity of the system and risk exposure of sensitive information including PHI.
CVE-2020-12008 1 Baxter 4 Em1200, Em1200 Firmware, Em2400 and 1 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. This could allow an attacker with network access to view sensitive data including PHI.